<?php
/**
 * Created by PhpStorm.
 * User: Kaguya
 * Date: 2015/8/7
 * Time: 2:48
 */
require_once("../dbConn.php");
if($_SERVER['REQUEST_METHOD']=="POST"){
    $username = base64_decode($_POST['username']);
    $oldpassword = $_POST['oldpassword'];
    $newpassword = $_POST['newpassword'];
    $oldhash = base64_decode($oldpassword);
    $newhash = base64_decode($newpassword);
    $Conn = dbConn();
    $sql = sprintf("select count(*) from users where username='%s' and  password='%s'",mysql_real_escape_string($username),mysql_real_escape_string($oldhash));
    $resultRaw = mysql_query($sql,$Conn);
    $result = mysql_fetch_array($resultRaw);
    if($result[0]!=0){
            //$newhash = md5(base64_encode($newpassword));
            $sql = sprintf("update users set password='%s' where username='%s'",mysql_real_escape_string($newhash),mysql_real_escape_string($username));
            $result = mysql_query($sql,$Conn);
            if($result==true){
                $statusx="SUCCESS";
            }else{
                $statusx = "FAIL_DATABASE_ERROR";
            }
    }else{
        $statusx = "FAIL_WRONG_PASSWORD";
    }
    echo $statusx;
}
?>